As we start 2018, security teams are facing two of the most serious security vulnerabilities in recent memory. Meltdown and Spectre are related hardware design exploits that affect almost every modern CPU. These exploits use an architectural technique known as “speculative execution” to read memory locations that are supposed to be reserved for the computer kernel. Both of these vulnerabilities have the potential to expose cryptographic keys, which would place your machine identities at risk.
Meltdown CVE-2017-5754) breaks the fundamental isolation barriers between applications run by users and the computer’s operating system; this barrier is normally highly protected. A successful exploit of Meltdown could allow even simple programs, such as the Java script that runs when a browser visits a web page, to access the memory and secrets of other applications and the operating system. Data leaked could include files, passwords and cryptographic keys.
The vulnerability Meltdown exists in almost every Intel processor manufactured after 1995. Furthermore, cloud providers without real hardware virtualization, such as those that rely on containers that share one Docker, LXC, or OpenVZ kernel, are susceptible to Meltdown.
Spectre (CVE-2017-5753 and CVE-2017-5715) breaks the isolation between different applications running on a CPU. A successful exploit could allow an attacker to steal a wide range of sensitive data from otherwise secure, error-free programs including; logins and passwords, credit card and financial data, and cryptographic keys. Ironically, the safety checks used by applications that follow secure coding practices actually increase the attack surface and may make applications more susceptible to Spectre. At present, Spectre has only been shown to break the isolation between user level applications, but it seems likely the attack can be developed further.
Practically every computing device is affected by Spectre, including laptops, desktops, tablets, smartphones and even cloud computing systems. Depending on the architecture of your cloud providers’ infrastructure, attackers may be able to use Spectre to steal data from multiple tenants. Cloud providers that use Intel CPUs and Xen PV as virtualization are particularly susceptible.
Spectre is more difficult to exploit than Meltdown but it is also more challenging to mitigate due to its generality. The original white paper even speculates that significant changes in microprocessor architecture might be needed to fully address the problem.
At the moment, there are no known exploits of these vulnerabilities in the wild. However, because of the severity of these vulnerabilities, experts expect that hackers will quickly develop programs to launch attacks now that detailed information is publicly available. We should also assume that these programs will make their way into standard attacker tool kits.
Meltdown and Spectre are continuing evidence of the need to be able to quickly and automatically replace keys and certificates on a large scale. This capability is essential to maintaining effective protection for machine identities, making it foundational to every security strategy and architecture. Are you prepared to rotate large numbers of keys and certificates without disrupting your business?